A password authentication scheme with secure password updating
A “magic word”, which one person knows and others don’t, opens the door to an opportunity and distinguishes that individual from an enormous crowd.
The password is arguably the oldest and most widely used pillar of authentication, and it is used extensively on the 21st-century Internet.
However, despite the long history of updates to authentication protocols, there is still some room for attacks.
Passwords are still widely used in HTTP to give users access to restricted resources.
The next step was to replace passwords with values that were useless to passive eavesdroppers: people started hashing the password.
Since both the server and the user had the same password, they could produce identical hashes of it and compare them, with the user sending the hash to the server. Attackers used two ways to overcome this. Many people make their passwords “easy to remember”, so attackers hashed a large set of popular words and, knowing a hash, could easily look up the original password if it happened to be in the resulting “dictionary”. This is how the dictionary attack was invented.
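The dictionary lookup described above, as an added example that is not part of the original article. The five-word list is constructed sample data and SHA-256 is an assumed choice of hash; the second half contrasts it with a per-user salt and PBKDF2, a standard countermeasure that the article itself does not cover.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny stand-in for a list of popular passwords.
POPULAR_WORDS = ["123456", "password", "letmein", "dragon", "sunshine"]
ITERATIONS = 100_000  # assumed work factor for this example

def plain_hash(password: str) -> str:
    """Unsalted SHA-256: the same password always yields the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()

def build_dictionary(words):
    """Hash each popular word once; the table is reusable for every account."""
    return {plain_hash(w): w for w in words}

def salted_hash(password: str, salt: bytes) -> bytes:
    """Per-user random salt plus a deliberately slow KDF (PBKDF2)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Server-side check using a constant-time comparison."""
    return hmac.compare_digest(salted_hash(password, salt), stored)

def demo():
    table = build_dictionary(POPULAR_WORDS)
    weak = table.get(plain_hash("sunshine"))           # popular word: found
    strong = table.get(plain_hash("Vq7#mt-unlisted"))  # not in the list: None
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    rec_a = salted_hash("sunshine", salt_a)
    rec_b = salted_hash("sunshine", salt_b)
    # Salted records differ per user, so the precomputed table no longer
    # matches them; every guess must be recomputed per salt at KDF cost.
    return {
        "weak": weak,
        "strong": strong,
        "salted_in_table": rec_a.hex() in table,
        "same_password_same_record": rec_a == rec_b,
        "verify_ok": verify("sunshine", salt_a, rec_a),
    }

if __name__ == "__main__":
    print(demo())
```

A salt removes the benefit of precomputation but does not make a popular password strong: a password from the list can still be guessed against a single record, only at a much higher cost per guess.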
Simply learning another person’s password allows you to become that person in the eyes of others, do whatever you please in their name, and obtain their privileges in automated systems.
That is why it is so critical to protect passwords properly.